Advanced iOS virus targeting Hong Kong protestors: security firm

Wednesday, October 1, 2014 - 09:19

[BOSTON] Cybersecurity researchers have uncovered a computer virus that spies on Apple Inc's iOS operating system for the iPhone and iPad, and they believe it is targeting pro-democracy protesters in Hong Kong.

The malicious software, known as Xsser, is capable of stealing text messages, photos, call logs, passwords and other data from Apple mobile devices, researchers with Lacoon Mobile Security said on Tuesday.

They uncovered the spyware while investigating similar malware for Google Inc's Android operating system last week that also targeted Hong Kong protesters. Anonymous attackers spread the Android spyware via WhatsApp, sending malicious links to download the program, according to Lacoon.

It is unclear how iOS devices get infected with Xsser, which is not disguised as an app.

Lacoon Chief Executive Michael Shaulov told Reuters that Xsser is the most sophisticated malware used to date in any known cyberattack on iOS users. "This is one of the most interesting developments we have seen," he said. "It's the first real indication that really sophisticated guys are shifting from infecting PCs or laptops to going after iOS devices."

The code used to control that server is written in Chinese. The high quality of the campaign and the fact it is being used to target protesters suggests that it is coming from a sophisticated attacker in China, Shaulov said. "It is the first time in history that you actually see an operationalized iOS Trojan that is attributed to some kind of Chinese entity," he said.

A Trojan is a term used by cyber researchers to describe malware that enters a device disguised as something harmless.

Still, he said that his company's research team has yet to identify any specific victims of the iOS Trojan.

Lacoon said on its blog that it is possible the attackers might have deployed the Trojan in other places, in addition to spying on pro-democracy protesters in Hong Kong. "It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments," they said in a blog post describing their analysis. - Reuters